EGP Protocols for IPv6

The first family of routing protocols presented in this chapter is related to the EGPs. EGPs are used for peering between autonomous systems (ASs). This section presents only one EGP, the well-known Border Gateway Protocol 4 (BGP-4). BGP-4 is the de facto EGP used in interdomains by providers and organizations to exchange routing information between ASs.

NOTE

The content of this chapter is organized in order from the most-prominent routing protocols to the least-prominent. BGP-4 with IPv6 support has been available in the Cisco IOS Software technology since 1995, and it has been used on the 6bone for six years. Thus, BGP-4 is considered the most prominent IPv6 routing protocol used on the 6bone and on the IPv6 Internet today.


Introduction to BGP-4

BGP-4 is a path vector routing protocol that uses TCP (Transmission Control Protocol) on port 179 to establish connections with other BGP-4 routers called BGP neighbors. The path vector information carried by BGP-4 between neighbors is called attributes.

BGP-4 exchanges network reachability information with BGP neighbors using update messages. These messages are incremental: Only updates are exchanged between BGP neighbors. If a route is added or removed, an update message is sent to inform the BGP neighbors.

During their operation on a wide network, BGP-4 routers have multiple AS paths for reaching a particular network destination. Thus, the BGP-4 algorithm is designed to determine the best AS path needed to reach a particular network among lists of feasible AS paths. BGP AS path determination is based on a list of attributes. BGP-4 was designed to be a highly scalable routing protocol for huge networks such as the global Internet.

NOTE

This chapter provides only an overview of the routing protocols. If you want to learn more about BGP-4, read a reference book such as Internet Routing Architectures by Bassam Halabi (Cisco Press). The Cisco website also provides plenty of information regarding BGP-4 and how to manage it over wide deployments of IP networks.


BGP4+ for IPv6

RFC 1771, A Border Gateway Protocol 4 (BGP-4), defines the BGP-4 standard. BGP-4 is mainly implemented and used today in Cisco router implementations, but it can carry routing information only for the IPv4 protocol.

An enhanced version called BGP4+, also known as multiprotocol BGP, extends the BGP-4 specifications to include multiple protocol extensions for new address families such as IPv6, IPX, and VPN. Therefore, BGP4+ can carry routing information for IPv6 and other protocols, including IPv4. RFC 2858, Multiprotocol Extensions for BGP-4, and RFC 2545, Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing, define the attributes that were updated to handle IPv6 addresses with BGP4+.

Here are the attributes that are updated in the BGP-4 specifications to support IPv6:

  • NEXT_HOP— This multiprotocol attribute defines the IP address of the border router that should be used as the next hop to the destinations listed. The NEXT_HOP attribute in BGP4+ is expressed as an IPv6 address. This attribute can contain either one aggregatable global unicast IPv6 address or an aggregatable global unicast IPv6 address and the next hop's link-local IPv6 address.

    - Aggregatable global unicast IPv6 address— As mentioned in Chapter 2, aggregatable global unicast addresses are based on the prefix 2000::/3. For example, a NEXT_HOP value would be 2001:410:ffff:1::1 for an aggregatable global unicast IPv6 address.

    - Link-local IPv6 address— As discussed in Chapter 2, link-local addresses are based on the unicast prefix fe80::/10. A link-local address may be used as a NEXT_HOP value with BGP4+ if there is local reachability with the BGP neighbor (adjacency routers). For example, for a NEXT_HOP value to reach an adjacent BGP4+ router using its link-local address, the link-local address would be something such as fe80::200:abcd:af56:fefc. Detailed information on using a link-local address with BGP4+ is presented later in this chapter.

  • NLRI— NLRI (network layer reachability information) is a set of destinations. A destination is defined in BGP-4 as a network prefix with a prefix length value. This attribute can now be expressed as an IPv6 prefix with BGP4+. For example, the NLRI for the network prefix 2001:410:ffff::/48 is 2001:410:ffff::/48.

NOTE

The complete specification of BGP-4 is beyond the scope of this book. As noted earlier, these specifications are the updates added to the BGP-4 specifications for IPv6. Refer to RFC 1771, A Border Gateway Protocol 4 (BGP-4), for the complete BGP-4 specification.


Enabling BGP4+ for IPv6 on Cisco

Since 1995, the 6bone has been using the BGP4+ routing protocol to exchange IPv6 routing information between pseudo-TLA (Top-Level Aggregator) providers for testing purposes. Moreover, almost all IPv6 router vendors and developers, including the Cisco IOS Software technology, now support a BGP4+ version with IPv6 support.

NOTE

Refer to Chapter 7, “Connecting to the IPv6 Internet,” for detailed information on the 6bone and pseudo-TLA.


Configuring BGP4+ for IPv6

The following steps define and configure a BGP4+ routing process on a router. After you configure the routing process, establish a BGP peer using IPv6 addresses. Follow these steps to configure BGP4+ for IPv6:

Step 1.
Enable a BGP process on the router. To do this, specify the local autonomous system:

Router(config)#router bgp
											autonomous-system

For example, enable a BGP process on the router for the local AS65001:

Router(config)#router bgp 65001

Step 2.
By default, the advertisement of routing information for the IPv4 address family is activated automatically for each session using the neighbor [..] remote-as command. If you use the no bgp default ipv4-unicast command, only the IPv6 address family is advertised in BGP updates:

Router(config-router)#no bgp default ipv4-unicast

Step 3.
In IPv4, the local router ID parameter is automatically assigned using the highest IPv4 address configured on the router, with preference given to addresses on the loopback interface. Although IPv6 addresses are longer than IPv4 addresses, the local router ID parameter for BGP has the same size and format for both IPv4 and IPv6. The local router ID is a 32-bit number written as four octets separated by periods (dotted-decimal format). When no IPv4 is set on the router (IPv6-only router), the local router ID parameter must be defined in the BGP configuration as an IPv4 address using the bgp router-id ipv4-address command. You can use any IPv4 address as a value for the local router ID parameter:

Router(config-router)#bgp router-id 172.16.1.10

Step 4.
Define a BGP neighbor. The ipv6-address is the BGP neighbor's next-hop IPv6 address. This command defines either an iBGP or eBGP neighbor:

Router(config-router)#neighbor
											ipv6-address
											remote-as
											autonomous-system

For example, the following command defines an eBGP neighbor using 2001:410:ffff:1::1 as the next-hop aggregatable global unicast IPv6 address and AS65002 as the AS:

Router(config-router)#neighbor 2001:410:ffff:1::1 remote-as 65002

Step 5.
You can assign a BGP neighbor's IPv6 address to a peer group using neighbor ipv6-address peer-group peer-group-name. For example, this command assigns the 2001:410:ffff:2::1 IPv6 address of the BGP neighbor to the peer group cisco99:

Router(config-router)#neighbor 2001:410:ffff:2::1 peer-group cisco99

Step 6.
Place the router in the address-family ipv6 configuration submode:

Router(config-router)#address-family ipv6 [unicast]

The unicast keyword is optional. By default, the router is placed in the unicast address family IPv6.

Step 7.
Enable the exchange of information with the BGP neighbor. The BGP neighbor can be an IPv4 address, the name of a BGP peer group, or an IPv6 address. By default, the exchange of information with BGP neighbors is enabled for the IPv4 address family only. When the neighbor is an IPv6 address, the neighbor [..] activate command must be used to activate the BGP peer:

Router(config-router-af)#neighbor {ip-address | peer-group-name | ipv6-address}
  activate

For example, the following command enables the exchange of IPv6 routing information with the BGP neighbor 2001:410:ffff:1::1:

Router(config-router-af)#neighbor 2001:410:ffff:1::1 activate

Step 8.
Specify an IPv6 prefix to announce via BGP4+ for this AS. The IPv6 prefix is entered into the BGP4+ routing table using the network statement:

Router(config-router-af)#network
											ipv6-prefix/prefix length

For example, here the prefix 2001:420:ffff::/48 is entered into the BGP table:

Router(config-router-af)#network 2001:420:ffff::/48

Step 9.
Leave address-family ipv6 configuration mode and return to BGP router configuration mode:

Router(config-router-af)#exit-address-family

The router bgp command is enabled on a global basis.

NOTE

Refer to the Cisco IOS Software BGP command documentation for a complete description of the BGP configuration commands not covered in this section.


Figure 4-1 shows a network architecture over a native IPv6 infrastructure that uses BGP4+ as the routing protocol. Router R1 from AS65001 establishes external BGP peering (multihop eBGP configuration) with Router R3 from AS65002 through an IPv6 provider. The network prefix within AS65001 is 2001:410:ffff::/48, and AS65002 owns the prefix 3ffe:b00:ffff::/48. Router R1 is connected to the IPv6 provider using the Ethernet0 interface. It has the aggregatable global unicast IPv6 address 2001:410:ffff:1::1 assigned to this interface. A default IPv6 route points to the link-local address of the provider's router fe80::250:3eff:fea4:5f12. Router R3 is connected to the same provider on the Ethernet1 interface. It uses 3ffe:b00:ffff:2::2 as an aggregatable global unicast IPv6 address, and its default IPv6 route points to fe80::250:3eff:feb5:6023.

Figure 4-1. eBGP Peering Established Between Routers R1 and R3

[View full size image]

In this example, both aggregatable global unicast IPv6 addresses assigned to these interfaces establish multihop eBGP peering.

Example 4-2 reflects how multihop eBGP peering with IPv6 is established via BGP4+ configuration on Router R1 in Figure 4-1. The ipv6 address 2001:410:ffff:1::1/64 command assigns the static IPv6 address to the interface Ethernet0. Because there is no need for router advertisement on the Ethernet0 interface, the ipv6 nd suppress-ra command disables advertisement on the Ethernet0 interface. For this multihop eBGP configuration, a default IPv6 route that points to the link-local address fe80::250:3eff:fea4:5f12 of the provider's router through the Ethernet0 interface is configured using the ipv6 route ::/0 command.

Example 4-2. Enabling eBGP Peering in Router R1
RouterR1#configure terminal
RouterR1(config)#interface e0
RouterR1(config-if)#ipv6 address 2001:410:ffff:1::1/64
RouterR1(config-if)#ipv6 nd suppress-ra
RouterR1(config-if)#exit
RouterR1(config)#ipv6 route ::/0 ethernet0 fe80::250:3eff:fea4:5f12
RouterR1(config)#router bgp 65001
RouterR1(config-router)#no bgp default ipv4-unicast
RouterR1(config-router)#bgp router-id 1.1.1.1
RouterR1(config-router)#neighbor 3ffe:b00:ffff:2::2 remote-as 65002
RouterR1(config-router)#address-family ipv6
RouterR1(config-router-af)#neighbor 3ffe:b00:ffff:2::2 activate
RouterR1(config-router-af)#exit-address-family
RouterR1(config-router)#exit

NOTE

Before establishing a multihop BGP configuration over IPv4 or IPv6, BGP routers must be able to reach each other. Therefore, Interior Gateway Protocol (IGP) routing information must be provided to the routers for this purpose. This is a simple scenario, but Examples 4-2 and 4-3 use a default IPv6 route instead of IGP to provide routing information to both routers. Detailed information about IGP with IPv6 support is presented later in this chapter.


As discussed earlier, the BGP process on Router R1 is enabled using router bgp 65001. Then the no bgp default ipv4-unicast command disables the default protocol IPv4 for this BGP configuration because the infrastructure is based only on IPv6. Next, the bgp router-id 1.1.1.1 command defines this router's local router ID parameter. BGP peering to Router R3 is defined using the neighbor 3ffe:b00:ffff:2::2 remote-as 65002 command. This command identifies the BGP neighbor with its next-hop IPv6 address and AS number 65002. However, to be enabled, this peering must be activated in address-family ipv6 subcommand mode using the neighbor 3ffe:b00:ffff:2::2 activate command.

Example 4-3 shows the BGP4+ configuration applied on Router R3. The same commands used in Example 4-2 are used in this example, except for the next-hop link-local address, the corresponding network interface of the link-local address, and the AS number. This BGP4+ configuration refers to Router R3 in Figure 4-1.

Example 4-3. Enabling eBGP Peering in Router R3
RouterR3#configure terminal
RouterR3(config)#interface e1
RouterR3(config-if)#ipv6 address 3ffe:b00:ffff:2::2/64
RouterR3(config-if)#ipv6 nd suppress-ra
RouterR3(config-if)#exit
RouterR3(config)#ipv6 route ::/0 ethernet1 fe80::250:3eff:feb5:6023

RouterR3(config)#router bgp 65002
RouterR3(config-router)#no bgp default ipv4-unicast
RouterR3(config-router)#bgp router-id 2.2.2.2
RouterR3(config-router)#neighbor 2001:410:ffff:1::1 remote-as 65001
RouterR3(config-router)#address-family ipv6
RouterR3(config-router-af)#neighbor 2001:410:ffff:1::1 activate
RouterR3(config-router-af)#exit-address-family
RouterR3(config-router)#exit

Configuring BGP4+ for IPv6 with Prefix Filtering

Now that you know how to enable BGP peering between routers and networks based on IPv6, this section shows you how prefix lists can be used to filter BGP update messages that include IPv6 information. Since Cisco IOS Software version 12.0, prefix lists are available as an alternative to access lists for BGP-4 filtering. Prefix lists are more flexible and user-friendly than standard and extended access lists.

Configuring BGP4+ for IPv6 with prefix filtering is a two-step task:

  • Defining the prefix list itself by naming the prefix list, determining the order of the statements, and configuring the actions and parameters to filter the prefixes

  • Applying the prefix list within the BGP4+ configuration

The following sections discuss in detail defining and applying prefix lists for IPv6 with BGP4+.

Defining Prefix Lists for IPv6

Prefix lists are available for the IPv6 protocol and can be used with BGP4+ to filter BGP update messages. The ipv6 prefix-list command defines a prefix list for IPv6. The ipv6 prefix-list command is equivalent to the ip prefix-list command in IPv4. The syntax for this command is as follows:

Router(config)#ipv6 prefix-list
									name [seq
									seq-value] permit | deny
									ipv6-prefix/prefix-length [ge
									min-value] [le
									max-value]

The name argument is the name of the prefix list. The parameter seq-value is a sequence number used with the keyword seq to determine the order in which the statements are used during filtering. deny and permit are the action parameters. ipv6-prefix/prefix-length is the IPv6 prefix and the length of the prefix to be matched. min-value and max-value define ranges of prefix length to be matched for prefixes that are more specific than the ipv6-prefix/prefix-length values. The operator ge means greater than or equal to, and the operator le means less than or equal to.

You permit IPv6 routes in the fec0::/10 prefix with a prefix length of up to 48 bits with the following:

Router(config)#ipv6 prefix-list bgpfilterin seq 5 permit FEC0::/10 le 48

You permit IPv6 routes in the 3ffe::/16 prefix with a prefix length of up to 32 bits with the following:

Router(config)#ipv6 prefix-list bgpfilterin seq 10 permit 3ffe::/16 le 32

The ipv6 prefix-list command is configured on a global basis.

Applying Prefix Lists with BGP4+

After the IPv6 prefix list has been defined, you can apply it in the BGP4+ configuration. The IPv6 prefix list must be applied to a BGP neighbor in the address-family ipv6 subcommand mode. The syntax for this command is as follows:

Router(config-router)#address-family ipv6

This places the router in the address-family ipv6 configuration submode.

You apply an IPv6 prefix list to a BGP neighbor to filter input or output route announcements with the following:

Router(config-router-af)#neighbor {peer-group-name | ipv6-address} prefix-list
									prefix-list-name {in | out}

The ipv6-address argument is the neighbor's next-hop IPv6 address. Optionally, the IPv6 address can be a peer-group-name instead. The prefix-list-name argument is the name of the IPv6 prefix list defined earlier. The in and out arguments applied on the prefix list are to inbound or outbound update messages. For example, you can apply the IPv6 prefix list bgpfilterin, defined in the preceding section, to the BGP neighbor 2001:410:ffff:1::1 to inbound BGP4+ route announcements:

Router(config-router-af)#neighbor 2001:410:ffff:1::1 prefix-list bgpfilterin in

Then leave the address-family ipv6 configuration mode and return to the global BGP router configuration mode:

Router(config-router-af)#exit-address-family

The neighbor ipv6-address prefix-list command is applied in the address-family ipv6 subcommand mode.

Figure 4-2 shows a BGP4+ configuration using an IPv6 prefix list applied in Router R1 from AS65001. Router R1 has established eBGP peering with Router R3 from AS65002. However, the manager of AS65001 wants to advertise the prefix 2001:410::/32 to AS65002. Because AS65002 is connected to the 6bone and has potentially multiple BGP neighbors with other ASs, the network administrator wants to filter incoming BGP route announcements received from AS65002. The network administrator wants to receive prefixes of the 6bone 3ffe::/16 based on a prefix length between 16 and 24 bits. Therefore, an IPv6 prefix list is created and then applied in the BGP4+ configuration of Router R1 to enforce this filtering policy for BGP.

Figure 4-2. Prefix Filtering Applied in Router R1's BGP4+ Configuration

[View full size image]

Example 4-4 shows the IPv6 prefix list configuration applied in the BGP4+ configuration of Router R1, as shown in Figure 4-2. The command ipv6 prefix-list outbound seq 5 permit 2001:410::/32 defines the prefix of AS65001 as permitted. Then, the command ipv6 prefix-list inbound seq 5 permit 3ffe::/16 le 24 defines the prefixes within the range 3ffe::/16 to 3ffe::/24 as permitted. In Example 4-4, these two IPv6 prefix lists are applied in the BGP4+ configuration in Router R1's address-family ipv6 subcommand mode using the neighbor 3ffe:b00:ffff:2::2 prefix-list command.

Example 4-4. Applying IPv6 Prefix Filtering in Router R1
RouterR1#configure terminal
									RouterR1(config)#ipv6 prefix-list outbound seq 5 permit 2001:410::/32
									RouterR1(config)#ipv6 prefix-list inbound seq 5 permit 3ffe::/16 le 24
RouterR1(config)#interface e0
RouterR1(config-if)#ipv6 address 2001:410:ffff:1::1/64
RouterR1(config-if)#ipv6 nd suppress-ra
RouterR1(config-if)#exit
RouterR1(config)#ipv6 route ::/0 ethernet0 fe80::250:3eff:fea4:5f12
RouterR1(config)#router bgp 65001
RouterR1(config-router)#no bgp default ipv4-unicast
RouterR1(config-router)#bgp router-id 1.1.1.1
RouterR1(config-router)#neighbor 3ffe:b00:ffff:2::2 remote-as 65002
RouterR1(config-router)#address-family ipv6
RouterR1(config-router-af)#neighbor 3ffe:b00:ffff:2::2 activate
									RouterR1(config-router-af)#neighbor 3ffe:b00:ffff:2::2 prefix-list outbound out
									RouterR1(config-router-af)#neighbor 3ffe:b00:ffff:2::2 prefix-list inbound in
RouterR1(config-router-af)#exit-address-family
RouterR1(config-router)#exit

NOTE

The IPv6 prefix lists in Example 4-4 are applied only to BGP4+ updates received and sent with the BGP neighbor 3ffe:b00:ffff:2::2.


Configuring BGP4+ for IPv6 with a Route Map

Support for IPv6 with the route-map command is available in the Cisco IOS Software. A route map is a kind of advanced access list that can be used in BGP-4 to modify the BGP attributes of network prefixes (routes received from a BGP neighbor and routes announced to another BGP neighbor). In a route map configuration with IPv6 for BGP4+, a prefix list is used with the route-map command to match the IPv6 network prefix on which you modify the BGP attributes.

Configuring BGP4+ for IPv6 with route-map consists of defining a prefix list (as discussed in the preceding section), defining the route map for IPv6, and applying the route map in the BGP4+ configuration. The following sections discuss defining a route map for IPv6 and applying it to a BGP4+ configuration.

Defining Route Maps for IPv6

The same route-map command used in IPv4 creates a route map for IPv6. However, the match and set commands were enhanced to be specific to the IPv6 protocol. Moreover, this section presents only the updates added to the route-map command for IPv6. Refer to the Cisco website for the other commands supported with route-map. The syntax of the route-map command is as follows:

Router(config)#route-map
									map-tag [permit | deny] [sequence-number]

This command defines the conditions for the policy routing. map-tag is the route map name. permit and deny are optional action keywords to be performed if the route-map match conditions are met. sequence-number is another optional argument that defines the position of a new route map statement. This is the same command as in IPv4.

The following command defines filter-messages as a new route map statement and enters the route map subcommand mode:

Router(config)#route-map filter-messages

The next command defines the conditions to match with IPv6. The conditions can be a route's matching IPv6 address, next-hop IPv6 address, or advertised IPv6 source address. A prefix list name must be specified in the matching condition:

Router(config-route-map)#match ipv6 {ipv6-address | next-hop | route-source}
  prefix-list [prefix-list-name]

The conditions to match are defined in the prefix list name filter-traffic:

Router(config-route-map)#match ipv6 address prefix-list filter-traffic

The set ipv6 command defines the action to be performed on a match condition:

Router(config-route-map)#set ipv6 next-hop [ipv6-address] [link-local-address]

The action allowed is the specification of a route's next-hop aggregatable global unicast IPv6 address. Optionally, the next-hop argument in IPv6 can be the link-local address of an adjacent BGP4+ neighbor. A later section shows you how the set ipv6 next-hop command is applied in the BGP4+ configuration.

This command defines the next-hop IPv6 address as 3ffe:b00:ffff:1::1:

Router(config-route-map)#set ipv6 next-hop 3ffe:b00:ffff:1::1

The route-map command is configured on a global basis.

Applying a Route Map with BGP4+

After the route map configuration is complete, you can apply the route map in the BGP4+ configuration. The route map must be applied to a BGP neighbor in the address-family ipv6 subcommand mode. The syntax for this command is as follows:

Router(config-router)#address-family ipv6

This places the router in the address-family ipv6 configuration submode.

Apply the route map to a BGP neighbor to modify the input or output route attributes with the following:

Router(config-router-af)#neighbor {peer-group-name | ipv6-address} route-map
									map-tag {in | out}

For example, you can apply the route map change-policy to the incoming route announcements from the BGP neighbor 2001:410:ffff:1::1:

Router(config-router-af)#neighbor 2001:410:ffff:1::1 route-map change-policy in

Leave the address-family ipv6 configuration submode and return to the BGP router configuration mode:

Router(config-router-af)#exit-address-family

Figure 4-3 shows a BGP4+ configuration in which you can tune the BGP path selection by modifying the local preference attribute using route map statements on routes received from a BGP neighbor. Router R1 from AS65001 has established multihop eBGP peerings to AS65100 and AS65200. However, the network administrator of the AS65001 domain prefers the path to AS65100 for outgoing packets if the same routes are received from both AS65100 and AS65200. Therefore, a route map statement is configured and applied in Router R1's BGP4+ configuration to prefer the path to AS65100.

Figure 4-3. Preferring a Route in Router R1's BGP4+ Configuration Using route-map

[View full size image]

Example 4-5 reflects the route map configuration applied in Router R1's BGP4+ configuration shown in Figure 4-3. The command route-map PreferAS65100 permit 10 defines the route map statement. Then the command set local-preference 120 defines the value 120 as the local preference attribute. The default value of the local preference attribute with BGP is 100. The BGP algorithm prefers the highest local preference value when two routes point out the same destination network. The route map is applied in the BGP4+ configuration in the address-family ipv6 subcommand mode using the neighbor 2001:410:ffff:2::1 route-map PreferAS65100 in command. The route map forces the routes received from AS65100 to have a local preference of 120 rather than 100.

Example 4-5. Applying a Route Map in Router R1's BGP4+ Configuration
RouterR1#configure terminal
									RouterR1(config)#route-map PreferAS65100 permit 10
									RouterR1(config-route-map)#set local-preference 120
RouterR1(config-route-map)#exit
RouterR1(config)#interface e0
RouterR1(config-if)#ipv6 address 2001:410:ffff:1::1/64
RouterR1(config-if)#ipv6 nd suppress-ra
RouterR1(config-if)#exit
RouterR1(config)#ipv6 route ::/0 ethernet0 fe80::250:3eff:fea4:5f12
RouterR1(config)#router bgp 65001
RouterR1(config-router)#no bgp default ipv4-unicast
RouterR1(config-router)#bgp router-id 1.1.1.1
RouterR1(config-router)#neighbor 2001:410:ffff:2::1 remote-as 65100
RouterR1(config-router)#neighbor 2001:410:ffff:3::1 remote-as 65200
RouterR1(config-router)#address-family ipv6
RouterR1(config-router-af)#neighbor 2001:410:ffff:2::1 activate
RouterR1(config-router-af)#neighbor 2001:410:ffff:3::1 activate
									RouterR1(config-router-af)#neighbor 2001:410:ffff:2::1 route-map PreferAS65100 in
RouterR1(config-router-af)#exit-address-family
RouterR1(config-router)#exit

NOTE

The route map shown in Example 4-5 and applied to the eBGP neighbor 2001:410:ffff:2::1 only indicates in AS65001 the path preference to exit the AS. However, this local configuration does not force all incoming packets to pass through AS65100.


Configuring BGP4+ for IPv6 Using Link-Local Addresses

As mentioned earlier, the NEXT_HOP attribute is expressed as an IPv6 address and can now contain a neighbor's link-local address rather than just one aggregatable global unicast IPv6 address. Using link-local addresses of the adjacent BGP neighbors can be useful because this does not require the allocation of aggregatable global unicast IPv6 addresses on links.

Using link-local addresses with BGP might also be interesting when an IPv6 exchange point (IPv6 IX) is built. Some ISP participants might not want to use the IPv6 prefix from other ISPs to configure on their router's interfaces in the IPv6 IX. By configuring an IPv6 link-local address in the BGP configuration, this scenario appears neutral.

However, the use of a link-local address in BGP mandates a specific configuration. Configuring BGP4+ with a link-local address in the Cisco IOS Software consists of identifying the physical interface of the router corresponding to the destination of the link-local address and then defining a route map to modify the NEXT_HOP attribute to inform the neighbor of the physical interface's aggregatable global unicast address.

Identifying the Router's Physical Interface

When specifying a link-local address for the BGP peering configuration, the physical interface associated with the link-local address must be identified in the BGP configuration using the neighbor link-local-address update-source interface command. Because a link-local address is tied to a single link, the router must specify the interface to be made unambiguous.

Defining a Route Map to Advertise the Aggregatable Global Unicast Address to the Neighbor

To advertise the router's aggregatable global unicast IPv6 address to the neighbor, a route map statement must be defined to set the NEXT_HOP attribute on outbound BGP4+ updates sent. The NEXT_HOP attribute must contain both the link-local address and the aggregatable global unicast IPv6 address of the identified interface. Because the link-local address defines the BGP neighbor, the link-local address is already contained in the NEXT_HOP attribute. Therefore, the set ipv6 next-hop command in a route map statement is required to add the aggregatable global unicast IPv6 address of the identified interface in the NEXT_HOP attribute.

NOTE

If the BGP peering using link-local addresses is established without a route map statement advertising the router's aggregatable global unicast address, BGP updates sent to the BGP neighbor are defined as the unspecified address (::). Therefore, the BGP updates are ignored and are dropped by the BGP neighbor.


Table 4-2 presents the steps used to define BGP peering on a router using the link-local address of an adjacent BGP neighbor.

Table 4-2. Defining a BGP Peer Using a Link-Local Address
CommandDescription
Step 1 Router(config)#route-map map-tagDefines a route map name for a BGP4+ configuration.
Example Router(config)#route-map linklocalAS65002Defines linklocalAS65002 as the name of a route map statement.
Step 2 Router(config-route-map)#set ipv6 next-hop ipv6-addressSpecifies the aggregatable global unicast IPv6 address advertised as the next-hop attribute.
Example Router(config-route-map)#set ipv6 next-hop 2001:410:ffff:1::1Defines the aggregatable global unicast IPv6 address 2001:410:ffff:1::1 as the next-hop attribute.
Step 3 Router(config)#router bgp autonomous-systemEnables a BGP process on the router. Specifies the local AS.
Step 4 Router(config-router)#no bgp default ipv4-unicastOnly the IPv6 address family is advertised.
Step 5 Router(config-router)#neighbor link-local-ipv6-address remote-as autonomous-systemDefines a BGP neighbor. The ipv6-address is the IPv6 address of the adjacent BGP neighbor. This command defines either iBGP or eBGP.
Example Router(config-router)#neighbor fe80::260:3eff:fe47:1533 remote-as 65002Defines the eBGP neighbor using fe80::260:3eff:fe47:1533 as the link-local address and 65002 as the AS.
Step 6 Router(config-router)#neighbor link-local-address update-source interfaceIdentifies the interface associated with the neighbor's link-local address.
Example Router(config-router)#neighbor fe80::260:3eff:fe47:1533 update-source ethernet0Defines the interface ethernet0 as the interface associated with the neighbor's link-local address.
Step 7 Router(config-router)#address-family ipv6Places the router in the address-family ipv6 configuration submode.
Step 8 Router(config-router-af)#neighbor {ip-address | peer-group-name | ipv6-address} activateEnables the exchange of information with the BGP neighbor.
Example Router(config-router-af)#neighbor fe80::260:3eff:fe47:1533 activateEnables the exchange of BGP4+ IPv6 routing information with the link-local address of the neighbor fe80::260:3eff:fe47:1533.
Step 9 Router(config-router-af)#neighbor {peer-group-name | ipv6-address} route-map map-tag {in | out}Applies a route map to input or output route announcements as specified in the route map statement. The route map configuration must set the aggregatable global unicast IPv6 address on the router as the next-hop argument using the set ipv6 next-hop command.
Example Router(config-router-af)#neighbor fe80::260:3eff:fe47:1533 route-map linklocalAS65002 outApplies the route map linklocalAS65002 to the outgoing route announcements toward the BGP neighbor fe80::260:3eff:fe47:1533.
Step 10 Router(config-router-af)#exit-address-familyLeaves the address-family configuration mode and returns to the BGP router configuration mode.

NOTE

Having the link-local address enabled automatically on the interfaces by the router using EUI-64 format might affect your BGP4+ operation if you must replace your router's interface. To avoid reconfiguring BGP4+ with your BGP neighbors in this situation, it is recommended that you manually assign the link-local address to the router's interfaces instead. Refer to Chapter 2 to learn how to manually assign the link-local address to interfaces.


Figure 4-4 shows Router R1 from AS65001 establishing external BGP peering with Router R3 from AS65002 using the link-local address. The network prefix within AS65001 is 2001:410:ffff::/48, and AS65002 owns the prefix 3ffe:b00:ffff::/48. Router R1's interface Ethernet0 is connected on the same link as Router R3's interface Ethernet1. On Router R1, the aggregatable global unicast IPv6 address 2001:410:ffff:1::1 is assigned to the Ethernet2 interface, and the link-local address fe80::260:3eff:fe47:1533 is configured on the Ethernet0 interface. On Router R3, the aggregatable global unicast IPv6 address 3ffe:b00:ffff:2::2 is assigned to the Ethernet3 interface, and the link-local address fe80::260:3eff:fe78:3351 is configured on the Ethernet1 interface. In this example, the link-local addresses assigned to Router R1's Ethernet0 interface and Router R3's Ethernet1 interface establish the eBGP peer.

Figure 4-4. eBGP Peering Established Between Routers R1 and R3 Using Link-Local Addresses

[View full size image]

Example 4-6 shows the BGP4+ configuration applied on Router R1 to establish the eBGP peer to Router R3 using link-local addresses, as shown in Figure 4-4. The route-map linklocalAS65002 and set ipv6 next-hop 2001:410:ffff:1::1 commands define the next-hop attribute to the aggregatable global unicast IPv6 address 2001:410:ffff:1::1. Then the neighbor fe80::260:3eff:fe78:3351 remote-as 65002 command configures the eBGP peers using the link-local address of Router R3's Ethernet1 interface in AS65002. The neighbor fe80::260:3eff:fe78:3351 update-source ethernet0 command specifies that the source address used for this peering is the link-local address assigned to Router R1's Ethernet0 interface. BGP peering is enabled in the address-family ipv6 subcommand mode using the neighbor fe80::260:3eff:fe78:3351 activate command. Finally, the route map statement used to set the next-hop attribute is applied using the command neighbor fe80::260:3eff:fe78:3351 route-map linklocalAS65002 out.

Example 4-6. Enabling eBGP Peering Using Link-Local Addresses in Router R1
RouterR1#configure terminal
RouterR1(config)#interface e2
RouterR1(config-if)#ipv6 address 2001:410:ffff:1::1/64
RouterR1(config-if)#ipv6 nd suppress-ra
RouterR1(config-if)#exit
									RouterR1(config)#route-map linklocalAS65002
									RouterR1(config-route-map)#set ipv6 next-hop 2001:410:ffff:1::1
RouterR1(config-route-map)#exit
RouterR1(config)#router bgp 65001
RouterR1(config-router)#no bgp default ipv4-unicast
RouterR1(config-router)#bgp router-id 1.1.1.1
									RouterR1(config-router)#neighbor fe80::260:3eff:fe78:3351 remote-as 65002
									RouterR1(config-router)#neighbor fe80::260:3eff:fe78:3351 update-source ethernet0
RouterR1(config-router)#address-family ipv6
									RouterR1(config-router-af)#neighbor fe80::260:3eff:fe78:3351 activate
									RouterR1(config-router-af)#neighbor fe80::260:3eff:fe78:3351 route-map linklocalAS65002 out
RouterR1(config-router-af)#exit-address-family
RouterR1(config-router)#exit

Exchanging IPv4 Routes Between BGP IPv6 Peers

As discussed in Chapter 5, “IPv6 Integration and Coexistence Strategies,” the IPv4 and IPv6 protocols will have to coexist on the same network infrastructure for an undetermined period of time. A situation might occur in which two separate IPv4 networks linked via a native IPv6 provider have to exchange their IPv4 routes through BGP IPv6 peers. Because BGP4+ supports the two address families, this is possible with a multiprotocol BGP peer group, the neighbor [..] soft-reconfiguration command, and a route map configuration to exchange IPv4 routes between BGP IPv6 peers.

Figure 4-5 illustrates Router R1 from AS65100 establishing a multihop eBGP peering over IPv6 with Router R3 from AS65200. On domain A, which is based on both IPv6 and IPv4, network prefixes within AS65100 are 2001:410:ffff::/48 for IPv6 and 133.220.0.0/16 for IPv4.

Figure 4-5. IPv4 Routes Exchanged Between eBGP IPv6 Peers

[View full size image]

On domain B (AS65200), the network prefixes are 3ffe:b00:ffff::/48 for IPv6 and 132.214.0.0/16 and 133.210.0.0/16 for IPv4. The link-local addresses fe80::1001 and fe80::2090 are the default gateway IPv6 addresses of the IPv6-only network between the two dual-stacked domains. A multihop eBGP over IPv6 is configured between Router R1 of AS65100 and Router R3 of AS65200. In this network design, the IPv4 network prefixes 132.214.0.0/16 and 133.210.0.0/16 within AS65200 are advertised to AS65100 through the multihop eBGP IPv6 peer.

Example 4-7 shows the multiprotocol BGP configuration applied on Router R1 within AS65100 that allows IPv4 routes to be exchanged between the BGP IPv6 peers. Router R3 advertises the IPv4 routes 132.214.0.0/16 and 133.210.0.0/16. However, Example 4-7 describes the specific configuration applied in Router R1 to perform this task.

First, the ipv6 route ::/0 ethernet0 fe80::1001 command is the default IPv6 route that points out the router of the IPv6-only network. Then the router bgp 65100 command places the router in the configuration mode for BGP. The command neighbor ipv6-only-peer peer-group creates a multiprotocol BGP peer group. The neighbor 3ffe:b00:fff:2::2 remote-as 65200 command defines the external BGP neighbor using 3ffe:b00:fff:2::2 as the next-hop aggregatable global unicast IPv6 address in AS65200. Then the rest of the configuration is performed in the address-family ipv4 submode instead of the address-family ipv6 subcommand mode to exchange IPv4 prefixes between the two BGP IPv6 peers. The neighbor ipv6-only-peer activate command lets the neighbor exchange prefixes for the IPv4 address family with the local Router R1. Then the neighbor ipv6-only-peer soft-reconfiguration inbound command asks the local Router R1 to store the BGP updates received from the members of the BGP peer group without modifying them. The neighbor 3ffe:b00:ffff:2::2 peer-group ipv6-only-peer command assigns the IPv6 address of the eBGP IPv6 peer (Router R3) to the peer group ipv6-only-peer. Finally, the route-map IPv4-AS65200 is applied to incoming IPv4 routes for the BGP IPv6 neighbor 3ffe:b00:ffff:2::2. Because IPv4 routes are advertised between the two BGP IPv6 peers, it is mandatory in the Router R1 configuration to define the next-hop IPv4 address for the IPv4 routes advertised by Router R3. The set ip next-hop 132.214.1.1 command in the route-map IPv4-AS65200 configuration realizes this operation.

Example 4-7. Configuring eBGP IPv6 Peering to Exchange IPv4 Routes
RouterR1#configure terminal
RouterR1(config)#ipv6 route ::/0 ethernet0 fe80::1001
RouterR1(config)#router bgp 65100
RouterR1(config-router)#neighbor ipv6-only-peer peer-group
RouterR1(config-router)#neighbor 3ffe:b00:ffff:2::2 remote-as 65200
RouterR1(config-router)#address-family ipv4
RouterR1(config-router-af)#neighbor ipv6-only-peer activate
RouterR1(config-router-af)#neighbor ipv6-only-peer soft-reconfiguration inbound
RouterR1(config-router-af)#neighbor 3ffe:b00:ffff:2::2 peer-group ipv6-only-peer
RouterR1(config-router-af)#neighbor 3ffe:b00:ffff:2::2 route-map IPv4-AS65200 in
RouterR1(config-router-af)#exit-address-family
RouterR1(config-router)#exit
RouterR1(config)#route-map IPv4-AS65200 permit 10
RouterR1(config-route-map)#set ip next-hop 132.214.1.1
RouterR1(config-route-map)#exit

NOTE

The main goal of this BGP configuration is to allow Router R1 to receive the IPv4 network prefixes 132.214.0.0/16 and 133.210.0.0/16. In the IPv4 routing table, the next-hop address of these network prefixes is 132.214.1.1. This BGP configuration is used only to exchange the IPv6 routing information from Router R3 of AS65200 to Router R1 of AS65100. A similar configuration must be applied in Router R3 to advertise the IPv4 network prefix 133.220.0.0/16 to Router R1.


NOTE

It is important to understand that IPv4 connectivity must be available between domains A and B to establish IPv4 sessions between the domains' nodes. See Chapter 5 for detailed information on strategies and mechanisms to carry IPv4 packets over IPv6-only networks and vice versa.


NOTE

You also can exchange IPv6 routes between two BGP IPv4 peers using the same model.


MD5 Authentication with BGP4+

As defined in RFC 2385, Protection of BGP Sessions Via TCP MD5 Signature Option, BGP can protect itself from the introduction of spoofed TCP segments into the connection stream (of particular concern are TCP resets) using a TCP option that carries an MD5 digest. RFC 2385 does not distinguish between IPv4 and IPv6 pseudo-headers, but it appears to refer to IPv4 headers.

This feature has been adapted to IPv6 in the Cisco IOS Software. Thus, authentication between BGP IPv6 peers is now possible. MD5 authentication, when used between BGP IPv6 peers, must be configured in the address-family ipv6 subcommand mode. The command is used in the same manner as the IPv4 neighbor [..] password command, but in the address-family ipv6 subcommand mode. The syntax for the neighbor [..] password command is as follows:

Router(config-router-af)#neighbor {ipv6-address | peer-group-name} password 5
								password-string

The ipv6-address argument is the IPv6 address of the BGP neighbor. The peer-group-name is the name of the BGP peer group. The password keyword enables authentication on the TCP connection between BGP neighbors. The number 5 stands for MD5. Finally, the password-string is the shared secret used on both BGP peers.

Example 4-8 is a BGP4+ configuration. It shows an example of MD5 authentication between BGP IPv6 peers using the neighbor [..] password command in the address-family ipv6 subcommand mode.

Example 4-8. Redistributing Static IPv6 Routes into BGP4+
RouterR1#configure terminal
RouterR1(config)#router bgp 65001
RouterR1(config-router)#no bgp default ipv4-unicast
RouterR1(config-router)#bgp router-id 1.1.1.1
RouterR1(config-router)#neighbor 2001:410:ffff:2::1 remote-as 65100
RouterR1(config-router)#address-family ipv6
RouterR1(config-router-af)#neighbor 2001:410:ffff:2::1 password 5
								secured-bgp-session
RouterR1(config-router-af)#neighbor 2001:410:ffff:2::1 activate

NOTE

The same secret password must be used on both BGP peers. Otherwise, the TCP connection will fail.


Redistributing IPv6 Routes into BGP4+

The redistribution of routes into BGP4+ is similar to this task in IPv4. As in IPv4, there are several ways to advertise IPv6 prefixes into the BGP4+ protocol:

  • Configuring the network command in the address-family ipv6 subcommand mode, as discussed earlier

  • Redistributing static IPv6 routes configured manually on the router into BGP4+ (this way is an alternative to using the network command)

  • Redistributing IPv6 routes learned dynamically through IGPs such as RIPng, IS-IS for IPv6, and OSPFv3 into BGP4+

Redistributing IPv6 routes with BGP4+ from either static routes or IGP is realized in the address-family ipv6 subcommand mode of BGP4+ using the redistribute command. This command is used in the same manner as the IPv4 redistribute command. The syntax for the redistribute command in the address-family ipv6 subcommand mode is as follows:

Router(config-router-af)#redistribute {bgp | connected | isis | ospf | rip |
  static}

Redistributing Static IPv6 Routes into BGP4+

Optional parameters such as metric and route-map may be supplied with the redistribute static command. A new metric value may be forced for the static IPv6 routes redistributed into BGP4+. Then, a route-map may be used to filter routes against a routing policy. The syntax for the redistribute static command in BGP4+ is as follows:

Router(config-router-af)#redistribute static [metric
									metric-value] [route-map
									map-tag]

NOTE

After the redistribution of IPv6 routes is performed, you can validate the redistribution between any routing protocols using the show ipv6 protocols command. This command is equivalent to the show ip protocols command in IPv4.


The BGP4+ configuration in Example 4-9 shows an example of static IPv6 route redistribution in BGP4+. The routes 2001:410:ffff::/48 and 2001:410:ffff::/48 are added to Router R1's IPv6 routing table. Then, both routes are redistributed into BGP4+ using the redistribute static command in the address-family ipv6 subcommand mode.

Example 4-9. Redistributing Static IPv6 Routes into BGP4+
RouterR1#configure terminal
RouterR1(config)#ipv6 route 2001:410:ffff::/48 null 0
RouterR1(config)#ipv6 route 2001:420:ffff::/48 null 0
RouterR1(config)#router bgp 65001
<OUTPUT OMITTED>
RouterR1(config-router)#address-family ipv6
									RouterR1(config-router-af)#redistribute static

NOTE

As in IPv4, IPv6 routes redistributed into BGP4+ must already be available in the IPv6 routing table. However, if your routing table has no route and you want to place static routes in the IPv6 routing table only to redistribute them into BGP4+, you must define null 0 as the destination network interface with the ipv6 route command. This configuration is similar to the ip route ipv4-prefix mask null 0 command in IPv4.


Redistributing IGP into BGP4+

As in IPv4, you can redistribute routes from IGP into BGP4+. However, this is not recommended because it might cause route instability in the BGP4+ routing table (it might generate several BGP update messages to BGP peers). Although redistributing IGP into BGP4+ is not recommended, the following section presents commands for redistributing RIPng and IS-IS for IPv6 routes into BGP4+.

Redistributing RIPng into BGP4+

The redistribute rip command is used in BGP4+'s address-family ipv6 subcommand mode to define the redistribution of RIPng into BGP4+. The process argument is the RIPng process on the router that must be redistributed. The optional metric parameter identifies a new metric value associated with RIPng routes advertised into BGP4+. Finally, a route-map may be used optionally to filter incoming IPv6 routes from the source protocol RIPng to BGP4+. The syntax for the redistribute rip command in BGP4+ is as follows:

Router(config-router-af)#redistribute rip
									process [metric
									metric-value] [route-map
									map-tag]

NOTE

RIPng is discussed in detail later in this chapter.


Redistributing IS-IS for IPv6 into BGP4+

The redistribute isis command defines the redistribution of IS-IS for IPv6 routes into BGP4+. The process argument is the IS-IS process. The level-1, level-2, and level-1-2 keywords specify the level of IS-IS routes that is injected into BGP4+ from IS-IS. The metric-type argument identifies the IS-IS metric associated with routes advertised into IS-IS: internal means an IS-IS metric less than 63 (the default), and external is an IS-IS metric less than 128 but greater than 64. As with RIPng, the optional metric parameter may be used to identify a new metric value associated with IS-IS routes advertised into BGP4+. Finally, a route-map may be used optionally to filter incoming IPv6 routes from the source protocol IS-IS to BGP4+. The syntax for the redistribute isis command is as follows:

Router(config-router-af)#redistribute isis
									process {level-1 | level-2 | level-1-2}
  [metric-type {external | internal}] [metric
									metric-value] [route-map
									map-tag]

NOTE

IS-IS for IPv6 is discussed in detail later in this chapter.


Verifying and Managing BGP4+ for IPv6

You can display information, IPv6 BGP neighbors, and statistics using the show bgp ipv6 command, which displays the IPv6 BGP table. This command is equivalent to the show ip bgp command in IPv4:

Router#show bgp ipv6 [ipv6-prefix/0-128 | community | community-list | dampened-paths |
  filter-list | flap-statistics | inconsistent-as | neighbors | quote-regexp |
  regexp | summary]

Table 4-3 describes the command options and parameters you can use with the show bgp ipv6 command.

Table 4-3. show bgp ipv6 Command Parameters
Command ParameterDescription
ipv6-prefix/0-128Displays all the path information related to the IPv6 prefix and prefix length given as arguments.
communityDisplays information on the routes matching IPv6 BGP communities.
community-listDisplays information on the routes matching the IPv6 BGP community list.
dampened-pathsDisplays information on the IPv6 paths suppressed due to dampening.
filter-listDisplays routes conforming to the filter list.
flap-statisticsDisplays information on the flap statistics of IPv6 BGP neighbors.
inconsistent-asDisplays information on routes that have inconsistent origin autonomous systems.
neighborsDisplays information on the state of IPv6 BGP neighbors.
quote-regexpDisplays IPv6 BGP routes that match the AS path regular expression as a quoted string of characters.
regexpDisplays IPv6 BGP routes that match the AS path regular expression.
summaryDisplays summary information regarding the state of IPv6 BGP neighbors.

You can reset IPv6 BGP neighbors, TCP connections, and flap dampening using the clear bgp ipv6 command. This command is equivalent to the clear bgp command in IPv4. The syntax for this command is as follows:

Router#clear bgp ipv6 {* | autonomous-system | ipv6-address | dampening | external |
  flap-statistics | peer-group}

Table 4-4 presents the options and parameters of the clear bgp ipv6 command.

Table 4-4. clear bgp ipv6 Command Parameters
Command ParameterDescription
*Resets all IPv6 BGP neighbors.
autonomous-systemResets all IPv6 BGP neighbors with the AS number given as an argument.
ipv6-addressResets the TCP connection to the specified BGP neighbor and removes from the BGP table all routes that have been learned from this session.
dampeningResets all flap-dampening information related to IPv6 BGP neighbors.
externalResets all external IPv6 peers.
flap-statisticsClears all route flap statistics related to IPv6 BGP neighbors.
peer-groupResets the TCP connection to this peer group and removes from the BGP table all routes that have been learned from this session.

The command debug bgp ipv6 displays debug information related to the BGP4+ routing protocol. Table 4-5 lists the arguments that can be specified with this command. This command is equivalent to the debug bgp command in IPv4.

Table 4-5. debug bgp ipv6 Command Parameters
Command ParameterDescription
dampeningEnables BGP routing protocol debugging for IPv6. Displays messages related to dampening.
updatesEnables BGP routing protocol debugging for IPv6. Displays BGP4+ update messages.

Verifying Prefix Lists with IPv6

The command show ipv6 prefix-list may be used to display summary or specific detailed information related to the IPv6 prefix lists configured in the router. This command is equivalent to the show ip prefix-list command in IPv4. The syntax for this command is as follows:

Router#show ipv6 prefix-list [summary | detail] name

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.149.244.86